Note: The CS0-001 exam is now retired. Please select the replacement exam for your certification; the new exam code is CS0-002.

CS0-001 Exam Dumps - CompTIA CySA+ Certification Exam

Question # 33

A technician recently fixed a computer with several viruses and spyware programs on it and notices the Internet settings were set to redirect all traffic through an unknown proxy. This type of attack is known as which of the following?

A. Phishing

B. Social engineering

C. Man-in-the-middle

D. Shoulder surfing

Question # 34

A security analyst has been asked to remediate a server vulnerability. Once the analyst has located a patch for the vulnerability, which of the following should happen NEXT?

A. Start the change control process.

B. Rescan to ensure the vulnerability still exists.

C. Implement continuous monitoring.

D. Begin the incident response process.

Question # 35

A network administrator is attempting to troubleshoot an issue regarding certificates on a secure website.

During the troubleshooting process, the network administrator notices that the web gateway proxy on the local network has signed all of the certificates on the local machine.

Which of the following describes the type of attack the proxy has been legitimately programmed to perform?

A. Transitive access

B. Spoofing

C. Man-in-the-middle

D. Replay

Question # 36

A security analyst is adding input to the incident response communication plan. A company officer has suggested that if a data breach occurs, only affected parties should be notified to keep an incident from becoming a media headline. Which of the following should the analyst recommend to the company officer?

A. The first responder should contact law enforcement upon confirmation of a security incident in order for a forensics team to preserve chain of custody.

B. Guidance from laws and regulations should be considered when deciding who must be notified in order to avoid fines and judgements from non-compliance.

C. An externally hosted website should be prepared in advance to ensure that when an incident occurs victims have timely access to notifications from a non-compromised resource.

D. The HR department should have information security personnel who are involved in the investigation of the incident sign non-disclosure agreements so the company cannot be held liable for customer data that might be viewed during an investigation.

Question # 37

A security audit revealed that port 389 has been used instead of 636 when connecting to LDAP for the authentication of users. The remediation recommended by the audit was to switch the port to 636 wherever technically possible. Which of the following is the BEST response?

A. Correct the audit. This finding is a well-known false positive; the services that typically run on 389 and 636 are identical.

B. Change all devices and servers that support it to 636, as encrypted services run by default on 636.

C. Change all devices and servers that support it to 636, as 389 is a reserved port that requires root access and can expose the server to privilege escalation attacks.

D. Correct the audit. This finding is accurate, but the correct remediation is to update encryption keys on each of the servers to match port 636.

Question # 38

A security analyst is creating baseline system images to remediate vulnerabilities found in different operating systems. Each image needs to be scanned before it is deployed. The security analyst must ensure the configurations match industry standard benchmarks and the process can be repeated frequently. Which of the following vulnerability options would BEST create the process requirements?

A. Utilizing an operating system SCAP plugin

B. Utilizing an authorized credential scan

C. Utilizing a non-credential scan

D. Utilizing a known malware plugin

Question # 39

A database administrator contacts a security administrator to request firewall changes for a connection to a new internal application.

The security administrator notices that the new application uses a port typically monopolized by a virus.

The security administrator denies the request and suggests a new port or service be used to complete the application’s task.

Which of the following is the security administrator practicing in this example?

A. Explicit deny

B. Port security

C. Access control lists

D. Implicit deny

Question # 40

A project lead is reviewing the statement of work for an upcoming project that is focused on identifying potential weaknesses in the organization’s internal and external network infrastructure. As part of the project, a team of external contractors will attempt to employ various attacks against the organization. The statement of work specifically addresses the utilization of an automated tool to probe network resources in an attempt to develop logical diagrams indicating weaknesses in the infrastructure.

The scope of activity as described in the statement of work is an example of:

A. session hijacking

B. vulnerability scanning

C. social engineering

D. penetration testing

E. friendly DoS
